Unusual Network Activity

Description

This anomaly contains a large number of detections of rare or unusual network interactions.

Use Case

Advanced Threat Detection, Insider Threat, Security Monitoring

Category

Lateral Movement, Insider Threat, Account Compromise, Data Exfiltration

Alert Volume

Medium

SPL Difficulty

None

Journey

Stage 4

MITRE ATT&CK Tactics

Command and Control

MITRE ATT&CK Techniques

Custom Cryptographic Protocol
Custom Command and Control Protocol
Uncommonly Used Port

MITRE Threat Groups

APT3
APT32
APT33
APT37
Gorgon Group
Group5
Lazarus Group
Magic Hound
OilRig
PLATINUM
TEMP.Veles

Data Sources

Network Communication